#!/bin/bash

# Kubernetes is delivered in a non-functional state on Fedora and similar operating systems
# The following commands are needed to get it running.

cd /etc/kubernetes/

cat <<EOF > openssl.conf
oid_section             = new_oids
[new_oids]
[req]
encrypt_key             = no
string_mask             = nombstr
req_extensions          = v3_req
distinguished_name      = v3_name
[v3_name]
commonName              = kubernetes
[v3_req]
basicConstraints        = CA:FALSE
subjectAltName          = @alt_names
[alt_names]
DNS.1                   = kubernetes
DNS.2                   = kubernetes.default
DNS.3                   = kubernetes.default.svc
DNS.4                   = kubernetes.default.svc.cluster.local
IP.1                    = 127.0.0.1
IP.2                    = 10.254.0.1
EOF

openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -days 3072 -out ca.crt -subj '/CN=kubernetes'
openssl genrsa -out server.key 2048
openssl req -config openssl.conf -new -key server.key -out server.csr -subj '/CN=kubernetes'
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3072 -extensions v3_req -extfile openssl.conf

echo -e '{"user":"admin"}\n{"user":"scruffy","readonly": true}' > /etc/kubernetes/authorization
echo -e 'fubar,admin,10101\nscruffy,scruffy,10102' > /etc/kubernetes/passwd

echo 'KUBE_API_ARGS="--service_account_key_file=/etc/kubernetes/server.key --client-ca-file=/etc/kubernetes/ca.crt --tls-cert-file=/etc/kubernetes/server.crt --tls-private-key-file=/etc/kubernetes/server.key --basic_auth_file=/etc/kubernetes/passwd --authorization_mode=ABAC --authorization_policy_file=/etc/kubernetes/authorization"' >> apiserver
echo 'KUBE_CONTROLLER_MANAGER_ARGS="--root-ca-file=/etc/kubernetes/ca.crt --service-account-private-key-file=/etc/kubernetes/server.key"' >> controller-manager

